Specifications
Chapter 12
name. This is useful because you need to be able to log in even if the
authentication server is down (or if its name gets changed and the
/etc/login.conf file needs to be updated).
# login davidh:passwd
or
# ssh bigip -l "davidh:passwd"
Only the styles that you specify are accepted. For example, davidh:ldap
would fail, since that style was not specified.
Requiring different authentication styles for different applications
You can configure the BIG-IP authentication system to require different
authentication styles for different applications. The following example (see
Figure 12.15) uses password authentication by default (at the console),
requires RADIUS for FTP and LDAP for SSH, and accepts RADIUS, LDAP, or
password authentication for network logins (telnet).
Note
RADIUS authentication through the BIG-IP is based on the
username/password only. It does not support challenge-response
authentication methods.
my-defaults:\
        :auth-ftp=radius:\
        :radius-server=<my_radius_server>:\
        :auth-ssh=ldap:\
        :ldap-server=<my_ldap_server>:\
        :ldap-basedn=ou=People,dc=<f5>,dc=<com>:\
        :auth-network=radius,ldap,passwd:\
        :auth=passwd:
default:\
        :path=/bin /usr/bin /usr/contrib/bin:\
        :datasize-cur=16M:\
        :tc=my-defaults:
Figure 12.15 Example of password authentication with RADIUS required
for other applications
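The following added example (not part of the original guide and not F5 code) resolves the record in Figure 12.15 and reports which style a login would use for each service. It assumes BSD login.conf conventions: auth-<service> overrides auth, the first listed style is the default, and entries pulled in through tc= do not override local ones. The function names are hypothetical.

```python
# Added example, not F5 code. SAMPLE is Figure 12.15 with the server and
# base-DN entries trimmed; they do not affect which styles are accepted.
SAMPLE = r"""
my-defaults:\
        :auth-ftp=radius:\
        :auth-ssh=ldap:\
        :auth-network=radius,ldap,passwd:\
        :auth=passwd:
default:\
        :path=/bin /usr/bin /usr/contrib/bin:\
        :tc=my-defaults:
"""

def parse_login_conf(text):
    """Return {record_name: {capability: value}} from login.conf text."""
    records = {}
    for line in text.replace("\\\n", "").splitlines():  # fold continuations
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        names, *fields = line.split(":")
        caps = {}
        for field in filter(None, (f.strip() for f in fields)):
            key, _, value = field.partition("=")
            caps.setdefault(key, value)  # first definition wins
        for name in names.split("|"):
            records[name] = caps
    return records

def resolve(records, name, seen=()):
    """Flatten a record, following tc= includes; local entries win."""
    caps = dict(records.get(name, {}))
    target = caps.pop("tc", None)
    if target and target not in seen:
        for key, value in resolve(records, target, seen + (name,)).items():
            caps.setdefault(key, value)
    return caps

def login_style(caps, login, service=None):
    """Style used for 'user' or 'user:style' on a service, None if refused."""
    # auth-<service> overrides auth; the "passwd" fallback is an assumption.
    styles = (caps.get(f"auth-{service}") or caps.get("auth", "passwd")).split(",")
    _, _, requested = login.partition(":")
    if not requested:
        return styles[0]  # first listed style is the default
    return requested if requested in styles else None

CAPS = resolve(parse_login_conf(SAMPLE), "default")
```

Running the same check against a production login.conf before deploying it shows whether a local passwd login remains available on any service if the RADIUS or LDAP server is unreachable.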










